There are bits and pieces about you all over the Internet. If you’ve signed into Google and searched, made a phone call using Skype, saved a file in your Dropbox folder, or even just awakened and checked your email, you’ve left a trail of your activities on the Internet.
It’s easy for companies that are powering your emails and web searches, or advertisers who are directing their ads to you, to build a picture of who you are. People who have access to your information can easily figure out what you like, and predict what you’ll do next.
The recent government counter-terrorism programs that have been exposed, such as PRISM, indicate that federal agents and other operatives might use this data, as well. Not only do companies track what you’re doing, but they also correlate it.
Following the news release about PRISM, many tech company leaders have denied any knowledge of government access to their information. Mark Zuckerberg, CEO of Facebook, one of the world’s biggest data collectors, posted a message that read:
“When governments ask Facebook for data, we review each request carefully to make sure they always follow the correct processes and all applicable laws, and then only provide the information if it is required by law.”
However, the law already permits quite a bit of digital snooping—even without a warrant. Authorities need a warrant if they wish to access the content of emails, stored by companies such as Yahoo and Google. However, as noted by ProPublica, they don’t need a warrant for IP (Internet Protocol) addresses of the computers used to access accounts.
The government doesn’t need a warrant to request draft emails, emails and texts that are older than 180 days, or data stored in the cloud on services like Dropbox. Investigators can simply produce a court order, and demand them.
When authorities acquire a court order, the amount of data available to them is multiplied. On Thursday, James Clapper, Director of U.S. National Intelligence, made a statement to the press to clarify this. According to Mr. Clapper, the government has access to “telephony metadata,” not to the content of phone calls. As vague of a term as “telephony metadata” is, it includes who you called, where you called from, and when you called.
Learning All About You
Once all of these bits and pieces of metadata are gathered, and a method of spotting patterns is applied, it becomes easy to put together a pretty good idea of who a person is, and what they’ve been up to.
For example, for over 15 monthes, a group from MIT (the Massachusettes Institute of Technology) analyzed location data from cellphones of 1.5 million people in a country. The team was able to identify individuals, simply by knowing where they were on four different occasions.
During Netflix’s release of anonymous watch histories of 500,000 subscribers (as a part of a public contest to create a method that will predict what movie a person would like) Arvind Narayanan, Princeton University security researcher, and his colleague Vitaly Shmatikov, were able to pin names to numbers. This was done by comparing histories in the anonymous data, with comments made by named individuals on IMDB.
“In every case, you find two location points, or six to eight movies, or three data points … it’s enough to identify a person,” Narayanan told NBC News.
Narayanan is now conducting research to find a way to make people harder to identify, based on their behavior online.
As you can probably imagine, Facebook provides a lot of information that can be identified. During a study that was published in the Proceedings of the Academy of Sciences in March, a team of data scientists presented how easily they could work out a person’s sexual preferences, political choices, and numerous other character details from their “Likes.”
Similarly, the study showed that people can work out identifying characteristics from search queries, browsing histories and recent purchase histories as well. Commercial companies, governmental institutions, or even Facebook friends can easily use software to collect attributes such as sexual orientation, intelligence, or political views that an individual might not have intended to share.
These types of attributes, even if incorrectly predicted, could pose a threat to an individual’s social status, well being, freedom, security or even their life.
The Sneaky Tricks Being Used
Advertisers already track our lives with surprising accuracy, based on very little information. For example, Target has determined when a woman was pregnant, even before her family knew! The same way that advertisers are profiling you to make money, law enforcement and counter-terrorism operatives are profiling you to hunt for suspects.
In April, the NSA released a document called “Untangling the Web: A Guide to Internet Research.” This massive 643-page document contained loads of tips for hunting publicly available information on the Internet. One section of this document, labeled “Google Hacking,” isn’t actually about hacking at all. It’s really just filled with tricks for locating accidentally published secrets.
Raytheon’s Rapid Information Overlay Technology (RIOT) software was built specifically to make this type of searching easier. It’s used by government customers to compile case files of location data collected from check-ins on Facebook, Twitter, Foursquare, and other public social outlets.
On Friday, President Obama stated that surveillance programs like PRISM have helped to prevent terrorist attacks. However, advocates for privacy have labeled such initiatives as over-reaching.
The important thing is, even without a “back door” into Facebook, Apple, Google and Microsoft servers; and even without necessary warrants to get specific information from those companies, the feds—and everyone else—can see an awful lot about you online. So remember this the next time you post a status to Facebook, upload a picture, or even just comment on an article.